1. Field of the Invention
The present invention relates to an apparatus and a method for dynamic update of a software-based IPTV conditional access system. More particularly, in order to download conditional access codes to a receiver (i.e., a settop box) and update an entire conditional access system by changing a conditional access server in a headend, the invention relates to a method for registering a conditional access server, a conditional access code, and an update policy and downloading the conditional access codes; a method for updating the conditional access server in accordance with the update policy in the headend; a method for downloading a plurality of conditional access codes to the receiver through an IP network; and a method for executing a valid conditional access code in accordance with the update policy.
2. Description of the Related Art
In general, a conditional access system (CAS) is a contents security solution that allows only an authorized subscriber to watch a corresponding channel in a pay TV system. That is, the CAS grants the authority to watch a pay broadcast. The CAS scrambles broadcast contents and transmits the scrambled broadcast contents to a subscriber through cable, satellite, terrestrial, or Internet networks, etc., and grants the authority to descramble the scrambled broadcast contents only to a subscriber who pays a TV subscription fee, allowing that subscriber to watch a ‘pay service’.
FIGS. 1 to 3 are block diagrams for describing a configuration of a known conditional access system. As shown in FIGS. 1 to 3, the known conditional access system includes a headend 100 and a receiver 200.
At this time, the headend 100 transmits scrambled contents to the receiver 200 in order to prevent an unauthorized subscriber from accessing the broadcast contents. For this, the headend 100 includes a control word generator 120, a conditional access server 140, a scrambler 160, and a multiplexer (MUX) 180.
The control word generator 120 generates control words (i.e., keys used as a scrambling key and a descrambling key) used for scrambling and descrambling contents. The control word generator 120 provides the generated control words to the conditional access server 140 and the scrambler 160.
The conditional access server 140 includes an encryption module 141, an entitlement control message (ECM) generation module 146, and an entitlement management message (EMM) generation module 148. The encryption module 141 includes a first encryption module 142, which encrypts the control words generated by the control word generator 120 by using an authentication key, and a second encryption module 144, which encrypts the authentication key used to encrypt the control words by using a subscriber key. The entitlement control message (ECM) generation module 146 generates an entitlement control message (ECM) including the control words encrypted by using the authentication key in the first encryption module 142. The entitlement management message (EMM) generation module 148 generates the entitlement management message (EMM) including the authentication key encrypted by using the subscriber key in the second encryption module 144.
The scrambler 160 scrambles the contents by using the scrambling key. That is, the scrambler 160 scrambles the contents by using the control words generated by the control word generator 120 as the scrambling key. Herein, the control words used as the scrambling key in the scrambler 160 are used as the descrambling key in the descrambler 240 of the receiver 200.
The multiplexer 180 provides the scrambled contents, together with the entitlement control message (ECM) and the entitlement management message (EMM) generated by the conditional access server 140, to a plurality of receivers 200.
The receiver 200 receives the scrambled contents from the headend 100. The receiver 200 descrambles the scrambled contents by using the control word (i.e., the descrambling key) received from the headend 100 to restore the contents.
In the known conditional access system as described above, the conditional access server 140 encrypts the control word with the authentication key and transmits the encrypted control word to the receiver 200 through the entitlement control message (ECM) in order to safely transmit the control word to the receiver 200. In addition, the conditional access server 140 encrypts the authentication key by using the subscriber key (i.e., a subscriber privacy key) again and thereafter, transmits the encrypted authentication key to the receiver 200 through the entitlement management message (EMM). The conditional access server 140 generates the entitlement control message (ECM) and the entitlement management message (EMM) depending on subscription and withdrawal of the subscriber. At this time, the subscriber key managed by the subscriber management system 300 is incorporated in a smart card 280 and provided to the subscriber.
When the receiver 200 receives the entitlement control message (ECM) and the entitlement management message (EMM) from the conditional access server 140 of the headend 100, the receiver 200 performs a decrypting process of the keys (i.e., the authentication key and the subscriber key) in an order reverse to the order performed by the server after passing through a message verification process. First, the receiver 200 decrypts the authentication key included in the entitlement management message (EMM) by means of the subscriber key incorporated in the smart card 280. Thereafter, the receiver 200 decrypts the control word by means of the decrypted authentication key. Next, the receiver 200 descrambles the scrambled contents by means of the decrypted control word. At this time, the receiver 200 includes a demultiplexer 220, a key management module 260 including a descrambler 246, an entitlement control message (ECM) authentication module 262 and an entitlement management message (EMM) authentication module 264, and first and second decryption modules 266 and 268, and a smart card 280.
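The key hierarchy described above (control word wrapped by the authentication key in the ECM, authentication key wrapped by the subscriber key in the EMM, and the receiver verifying and unwrapping in reverse order), as an added example that is not part of the original document. The text names no algorithms, so the cipher here is a stand-in keystream built from HMAC-SHA256; the function names, message layout and key sizes are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def subkey(key: bytes, purpose: bytes) -> bytes:
    """Derive separate encryption and MAC keys from one hierarchy key."""
    return hmac.new(key, purpose, hashlib.sha256).digest()

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(key: bytes, label: bytes, payload: bytes) -> bytes:
    """Build label(3) | nonce(12) | ciphertext | tag(32). Layout is hypothetical."""
    nonce = os.urandom(12)
    body = label + nonce + keystream_xor(subkey(key, b"enc"), nonce, payload)
    return body + hmac.new(subkey(key, b"mac"), body, hashlib.sha256).digest()

def open_message(key: bytes, label: bytes, msg: bytes) -> bytes:
    """Message verification first, decryption only if the tag checks out."""
    body, tag = msg[:-32], msg[-32:]
    expected = hmac.new(subkey(key, b"mac"), body, hashlib.sha256).digest()
    if body[:3] != label or not hmac.compare_digest(tag, expected):
        raise ValueError("message verification failed")
    return keystream_xor(subkey(key, b"enc"), body[3:15], body[15:])

def headend_build(control_word: bytes, auth_key: bytes, subscriber_key: bytes):
    ecm = seal(auth_key, b"ECM", control_word)    # role of encryption module 142
    emm = seal(subscriber_key, b"EMM", auth_key)  # role of encryption module 144
    return ecm, emm

def receiver_recover_cw(ecm: bytes, emm: bytes, subscriber_key: bytes) -> bytes:
    auth_key = open_message(subscriber_key, b"EMM", emm)  # EMM first
    return open_message(auth_key, b"ECM", ecm)            # then ECM

def demo():
    # Constructed sample keys; a real subscriber key would sit in the smart card.
    subscriber_key, auth_key, cw = os.urandom(16), os.urandom(16), os.urandom(8)
    ecm, emm = headend_build(cw, auth_key, subscriber_key)
    recovered = receiver_recover_cw(ecm, emm, subscriber_key) == cw
    try:  # a receiver holding a different subscriber key must be rejected
        receiver_recover_cw(ecm, emm, os.urandom(16))
        rejected = False
    except ValueError:
        rejected = True
    return recovered, rejected
```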
As described above, in the case of a known hardware-based conditional access system used to provide a pay TV service, such as cable or satellite, the conditional access system is changeable only by replacing a removable smart card 280 or hardware installed in the receiver 200. As a result, the known hardware-based conditional access system is mounted as a replaceable hardware device such as the smart card 280 or an embedded system in the receiver 200 by including a key encrypting/decrypting part or the descrambler 246. Therefore, the known hardware-based conditional access system is difficult to replace.
In order to solve the above-mentioned problem, a software-based conditional access system using an IP network has been developed. In order to acquire the control word in the receiver 200, the software-based conditional access system converts the key management module 260, which processes an entitlement control message (ECM) and an entitlement management message (EMM), into conditional access codes and downloads them from the headend 100, objectifies the downloaded conditional access codes through a loader, and acquires the control word by receiving current conditional access messages as an input of the objectified code. Since the software-based IPTV conditional access system uses the IP network, it can safely download the conditional access codes. As a result, a function to dynamically update the conditional access codes can improve the safety of the software-based conditional access system. That is, since an IPTV uses a bidirectional IP network, a software-based conditional access system that safely downloads the conditional access codes for processing the conditional access message and executes a valid conditional access code becomes available.
However, since the software-based conditional access system is less safe than the hardware-based conditional access system, a method is needed for updating the conditional access system driven in the receiver 200 to a conditional access system of a type which is difficult to hack. At the same time, since a conditional access function is directly related to channel reception, dynamic update of the conditional access system should not interrupt an authorized user's channel reception.
Therefore, the known software-based conditional access system downloads and changes the conditional access codes whenever the conditional access server 140 is updated, in order to safely download the conditional access codes, thereby causing interruptions during viewing.
Further, in the known software-based conditional access system, when the conditional access codes are set to be downloadable only at boot time or only once a day in order to prevent interruptions during viewing, then, in the case in which a safety problem is detected, the conditional access codes must either be updated at the next download time or an IPTV receiver 200 which is being watched by a user must be rebooted.